RE: VPN architecture for POCKET PC

["Ghaith Nasrawi" <libero () aucegypt edu>]

Using VPN over a FW should be no problem if you've got a FW which is
NAT-Traversal aware (NAT-T). It should understand whether this is
normal traffic, or traffic meant to pass through the VPN tunnel. And
in case you'll be using IPsec, you don't even need NAT-T firewall,
since it detects the link type during phase 1 and reverts to ESP on
UDP to bypass the NAT problem.

---------- Initial Header -----------

> From      : "Trevor Cushen" Trevor.Cushen () sysnet ie
To          : "hassan hani" amni___ () hotmail com
Cc          : security-basics () securityfocus com
Date      : Wed, 1 Dec 2004 10:07:23 -0000
Subject : RE: VPN architecture for POCKET PC

> I would go with FW2 because using encrypted traffic through two
firewalls can be a problem if you are using NAT or PAT.  Then put an
IDS system between FW1 and FW2.  Hope this helps.
> -----Original Message-----
> From: hassan hani [mailto:amni___ () hotmail com]
> Sent: 30 November 2004 18:37
> To: security-basics () securityfocus com
> Subject: VPN architecture for POCKET PC
>
>
>
> we have tHIS ARCHITECTURE in our network
>
>
> LAN -------------FW1 ----------FW2------------Internet
>                                |
>                                |
>                               dMZ
>
>
>
> we want to implement a vpn for a usage only between a server in the
LAN and
> the Pocket PC .
>
> the pocket PC sould be connected to GPRS .
>
> my question is:
>
> where the VPN Gateway should be placed in the architecture above to
permit
> security?
>
> how to be sure that there will be no intrusion?
>
>
>
> This email and its attachments are solely for the attention of
amni___ () hotmail com.
> Please contact Trevor.Cushen () sysnet ie if you receive this mail in
error.
>

"Our care should not be to have lived long as to have lived enough.",
Seneca